Logging in to a Django site with a magic token

I have a simple video website for my kids and each kid has a separate login. This is so they can each have their own videos, but also so that some videos can be private (ie. hidden from the outside world, or other logged in users). Typing in a username and password is impossible for my kids to do, as they are almost 5 and 2 years old, and they use this website on Google TV. So, with a magic token-style login, all they need to do is navigate to their bookmark on the Google TV homepage and press OK on the remote control.

(I don't need crazy security--it wouldn't be the end of the world if somehow someone guessed the magic token and saw some private videos, which are basically just home videos uploaded to Youtube. Videos that I really wouldn't want the public to see don't get uploaded to Youtube in the first place.)

I couldn't find how to do this easily, although one person on stackoverflow suggested "logging in the user in the view by calling 'login'". The tricky part was figuring out that I had to set the User object's backend to 'django.contrib.auth.backends.ModelBackend'. It's a bit of a hack, but it works, and it's simple.


class MagicToken(models.Model):
    user = models.OneToOneField(User)
    magictoken = models.CharField(max_length=128, unique=True)
    def __unicode__(self):
        return unicode(self.user)


from django.http import HttpResponse, HttpResponseRedirect, Http404
import django.contrib.auth.login
class MagicTokenLogin(View):
    def get(self, request, token):
            magic_token_obj = MagicToken.objects.get(magictoken=token)
        except MagicToken.DoesNotExist:
            raise Http404
        user = magic_token_obj.user
        user.backend = 'django.contrib.auth.backends.ModelBackend'
        django.contrib.auth.login(request, user)
        if request.user.is_authenticated():
            # login successful
            return HttpResponseRedirect(reverse('some-view-for-logged-in-users'))
            # login failed
            return HttpResponseRedirect(reverse('some-view'))


Controversies involving campaign finance and disclosure reports can get a little tricky sometimes, but this one is actually pretty straightforward: Land has given her Senate campaign nearly $3 million of her own money. What wrong with that? In theory, nothing there are no legal limits on how much candidates can spend on their own behalf.

I have been following your blog for some time now and have found it quite informative and also interesting and you have very nice way of expressing the article.It's hard to discover fantastic composition like yours nowadays.Looking forward to another article.

I enjoyed over read your blog post. Your blog have nice information, I got good ideas from this amazing blog. I am always searching like this type blog post. I hope I will see again.

I think your suggestion would be helpful for me. I will let you know if this works for me Thanks and keep posting such a informative blog. 350-029 vce

Nice to see your new and magic token post. Its really very interesting post. I always like your hard working because your post gives us great ideas. Please keep posting. Heavy duty new playground tiles available in black colors

The post is written in a very good manner and it entails much useful information for me. I am happy to find your distinguished chaussures nike running france http://www.chaurunning.com/nike-c-1.html way of writing the post. I really appreciate the kind of topics you post here. Thanks for sharing us a great information that is actually helpful. Good day!

An interesting dialogue is price comment. I feel that it is best to write more on this matter, it may not be a taboo topic however usually individuals are not enough to talk on such topics. To the next. Cheers.

Add new comment